Loria Consulting Ltd (Loria) is a business and IT consultancy providing implementation, training and support services for Sage CRM (www.loriaconsulting.com). We are also the developers of LoriaLINK (www.lorialink.co.uk) which we provide directly to our clients and through other accredited Sage business partners.
Whenever we need to collect any of your data, we will let you at that point why we need to do so and what it will be used for, but this guide provides a useful overview of all of those situations and provides more detail on how we keep your data secure and up to date, how long we might hold it for, and what your rights are in relation to it.
Loria is committed to protecting your personal data and will use any personal or sensitive data we collect from you in line with the General Data Protection Regulations (GDPR).
Who is responsible for the data that Loria collects?
Loria is a Data Controller under the GDPR. Our Data Protection Officer is Mark Ayling, Managing Director. He can be contacted by using the Contact Form here.
What data do we collect and what do we use it for?
We collect and store information related to our customers, prospects and suppliers for the purpose of providing services and managing commercial relationships.
The data we hold on individuals is consistent with the purpose of day-to-day account management and includes name, address, business position, telephone number and email address. We also maintain notes related to various interactions such as customer service and maintaining licensing information for LoriaLINK.
In addition to our own use of Sage CRM which is hosted within the EU, we use other common third-party business applications to run our business. From information provided by the application providers or from that which is in the public domain, these applications are either hosted within the EU or are subject to reciprocal agreements such as the ‘EU-US Privacy Shield’.
We may, from time to time, send marketing information relating to our products and services or those of Sage plc. We will only send information to individuals from whom we have a positive consent to do so. Any marketing email communication will provide an opportunity to unsubscribe. However, consent can be withdrawn at any time by contacting the Date Protection Officer.
Unless we are required to comply with requests from organisations that have a legal right to demand any disclosure of data from us, it is our general policy not share personal information outside of the company. However, on occasions it may be necessary to share information with our business partners such as Sage plc for the purposes of product support or to resolve any customer service issues. We may also share information with credit agencies in order to grant commercial terms or if the terms of our consultancy agreement have been infringed.
Where our Clients provide us with any data in any format which includes personal, identifiable data or enables remote access either through an attended or unattended session to such data, it is the Client’s sole responsibility to ensure that any access is in compliance with GDPR. This will include provisions that appropriate consents have been obtained by the Client from any data subject(s) prior to access being provided for any data made accessible to us. Furthermore, it is the Client’s responsibility to ensure that any transmitted data is in encrypted or secure format or has been anonymised or pseudonymised.
How can you update your data?
You can contact our Data Protection Officer at any time to update or correct the data we hold on you. Requested changes will be actioned within one calendar month of receiving your written instruction.
How long we will hold your data?
Our data retention policy is to review all data held on individuals at least every two years and remove data where we no longer have a legitimate business reason to keep it.
Where you have withdrawn your consent for us to use your data for a particular purpose (e.g. unsubscribed from a mailing list) we may retain some of your data for up to two years in order to preserve a record of your consent having been withdrawn.
What rights do you have?
Under the GDPR, you have the following rights over your data and its use.
- The right to be informed about what data we are collecting on you and how we will use it
- The right of access - you can ask to see the data we hold on you
- The right to rectification - you can ask that we update or correct your data
- The right to object - you can ask that we stop using your data for a particular purpose
- The right to erasure - you can ask us to delete the data we hold on you
- The right to restrict processing - you can ask that we temporarily stop using your data while the reason for its use or its accuracy are investigated
- The right to receive your data in a portable format for transfer to another data controller.
You also have rights related to portability and automated decision making (including profiling) although these are unlikely to apply to the data that we hold or the way that it is used.
All requests related to your rights should be made to the Data Protection Officer. We will respond within one month.
You can find out more about your rights on the Information Commission’s Office website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
What will we do if anything changes?
If we make changes to our privacy statements or processes we will post the changes on our website. Where the changes are significant, we may also choose to email individuals affected with the new details. Where required by law, will we ask for your consent to continue processing your data after these changes are made.
Cookies are small files saved to the user's computer’s hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected
How do I turn cookies off?
It is usually possible to stop your browser accepting cookies, or to stop it accepting cookies from a particular website.
All modern browsers allow you to change your cookie settings. You can usually find these settings in the 'options' or 'preferences' menu of your browser. The 'Help' option in your browser will give more details.
You can find out more about cookies and their use on the internet from www.allaboutcookies.org
Version 1.0 24-5-2018